├── .gitignore
├── Dockerfile
├── README.md
├── docker-compose.yaml
└── entrypoint.sh

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
```gitignore
# Keep wg0.conf (it holds the server's private key) out of version control.
secrets/*
```

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
```dockerfile
FROM debian:bookworm

# iproute2 + wireguard provide `wg`/`wg-quick`; openresolv lets wg-quick apply
# the DNS= line; iptables is needed for the PostUp/PostDown NAT rules.
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y --no-install-recommends \
        iproute2 wireguard openresolv iptables \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

COPY entrypoint.sh /opt/wireguard-docker/
# Exec form: the script itself becomes PID 1 and receives SIGTERM from
# `docker stop`, instead of a wrapping `sh -c` that may not forward it.
ENTRYPOINT ["/opt/wireguard-docker/entrypoint.sh"]

EXPOSE 51820/udp
```

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# wireguard-docker

### Setup

* Clone the repo and create a folder named `secrets`.
* Create `wg0.conf` in `secrets` with your WireGuard configuration; see below for an example.
* Modify `docker-compose.yaml` to put your DNS server IPs. Sorry for hardcoding mine, I didn't really intend to make this repo public.
* Run `docker-compose up -d`


### Example `wg0.conf`

```ini
[Interface]
Address = 192.168.2.1/24
DNS = 1.1.1.1, 8.8.8.8
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = {server's private key}

[Peer] # My phone
PublicKey = {client's public key}
AllowedIPs = 192.168.2.2/32
```

--------------------------------------------------------------------------------
/docker-compose.yaml:
--------------------------------------------------------------------------------
```yaml
version: '3.1'

services:
  wireguard:
    restart: always
    cap_add:
      - NET_ADMIN   # create the wg0 interface, set routes, run iptables
      - SYS_MODULE  # load the wireguard kernel module from inside the container;
                    # can be dropped if the host already has the module loaded
    build:
      context: .
    ports:
      - 51820:51820/udp
    secrets:
      - wg0.conf    # mounted by compose at /run/secrets/wg0.conf
    sysctls:
      # wg-quick's fwmark policy routing needs this; a container cannot change
      # sysctls itself, so it is set from the outside here.
      - net.ipv4.conf.all.src_valid_mark=1
    dns:
      - 192.168.4.113
      - 192.168.4.30

secrets:
  wg0.conf:
    file: ./secrets/wg0.conf
```

--------------------------------------------------------------------------------
/entrypoint.sh:
--------------------------------------------------------------------------------
```sh
#!/bin/sh
set -e

# Bring up the tunnel from the secret mounted by docker-compose; wg-quick also
# runs the PostUp rules from the config (needs NET_ADMIN).
wg-quick up /run/secrets/wg0.conf

# Keep the container alive. `wait` (unlike a foreground sleep) returns as soon
# as PID 1 receives SIGTERM, so `docker stop` does not hit its kill timeout.
sleep infinity &
wait
```
--------------------------------------------------------------------------------